1. What personal data do we collect from you?
Personal data is any information about a specific or identifiable natural person that you communicate to us and that is generated or collected by us. This includes:
Content data: If you approach us with an enquiry by email, the content data supplied by you and related data about you as well as the information made available by you will be processed.If your enquiry is made by email, telephone or fax directly to a partner company which we have specified as Distributor under the heading "Contact", your information is processed by this partner under their own responsibility.
Server log data: When you use our websites, data (such as the date and time of your visit, the pages visited and data files requested, the type and version of the web browser you use, the type and operating system of the end device you use as well as your IP address) is temporarily saved in a protocol file.
Usage data: We set up anonymous or pseudonymous usage profiles about your use of our website with the help of cookies or web analysis programmes, which we use to track how our website is used.
2. For what purpose, on what legal basis and how long do we process your personal data?
2.1 Your enquiries
When you contact us with an enquiry by email, we process the information you provided therein to answer your enquiry and, when you use the online contact form, the IP address and date/time of the enquiry, to prevent the misuse of the contact form.
The legal basis for processing is our legitimate interest under Art. 6, para. 1 (f) of the GDPR to provide you with the "Enquiries" service described above. If the intention of your enquiry is to initiate or process a contract (including customer service and warranties), the additional legal basis for processing is Art. 6, para. 1 (b) of the GDPR.
You can object to the processing of your data based on Art. 6, para. 1 (f) of the GDPR. If we demonstrate compelling legitimate grounds for the processing, we may then continue it. In this case, this may be required in particular in order to be able to prove past communications and enquiries with you. If there are no such compelling legitimate grounds, then we will cease communication with you and delete any data already collected.
This data is deleted when our communication with you ends, i.e. the relevant facts have been clarified and there are no further legitimate interests for storing the data, or there are no further statutory obligations to store it.
2.2 For the provision of the website and performance of the services
The processing of server log data is necessary for the provision of the websites and the performance of services for technical reasons and subsequently to ensure system security.
The legal basis for processing is our legitimate interest in providing the website with our services (Art. 6, para. 1 (f) of the GDPR). Processing is absolutely essential for the use of the website for technical reasons and subsequently to ensure system security; there is therefore no right of objection.
This data is deleted after no more than 30 days.
The server log data is subsequently analysed on an anonymous basis, where necessary for statistical purposes, and to improve the quality of our Internet presence. The server log data is not linked in any way to your personal data or with other sources of personal data.
3. Sharing of the data
3.1 Sharing of data with data processing companies
We sometimes use service providers, subject to compliance with the statutory requirements, by means of commissioned processing, i.e. based on a contract on our behalf, according to our instructions and under our control.
In particular, data processing companies are:
technical service providers that we use to provide the website, e.g. service providers for software maintenance, data centre operations and hosting;
technical service providers that we use to provide functionalities, e.g. technically essential cookies;
In such cases, we remain responsible for the data processing; the sharing and processing of personal data to and from our data processing companies is based on the relevant legal basis that permits us to process data. A separate legal basis is not required.
3.2 Data transfer to local sales companies
When you send us an enquiry, we may transfer your contact data to a distributor appointed to sell our products for us if they are better able to help you with your concerns based on the actual circumstances (e.g. language knowledge). The legal basis for the data transfer is our legitimate interest in making our sales process as efficient as possible for the benefit of the customer, Art. 6 (1) f) GDPR.
4. Cookies and web analysis
4.1 What are cookies?
To make our website as user-friendly as possible and to increase the relevance of our advertising for visitors to our website, we and our partners use so-called "cookies". Cookies are small data files that are placed on the visitor's device. They allow us to provide information over a certain period and identify the visitor's computer. This also takes place in part by using so-called tracking pixels that are not placed on a visitor's hard drive, but may be helpful in identifying the computer in the same way as with a cookie. The term "cookie" below includes both cookies in the technical sense as well as tracking pixels and similar technical methods.
4.2 What cookies do we use?
On this website we use different categories of cookies: Technically essential cookies, without which the functionality of our website would be limited, and additionally optional analytical, functional, marketing cookies that generally originate from third-party providers:
Technically essential cookies
The legal basis for the use of the technically necessary cookies and the processing of your data by these cookies is our legitimate interest in displaying the functions of our website and making them available to you for use, Art. 6 (1) lit. f GDPR.
Analytical cookies collect information about how visitors use a website overall, for example which pages they access most often and whether they receive error messages from websites. These cookies do not collect data that could identify their visitors. Data collected with these cookies is not combined with other information about our visitors. All information collected with the help of these cookies is used exclusively to understand and improve the functionality and service on the website.
The legal basis for the use of analysis cookies and the processing of your data by the providers of these cookies is your prior consent (Art. 6 (1) lit. a GDPR). You can revoke your consent at any time in the cookie settings, which you can access using the link at the bottom of the website.
We use functional cookies to improve the performance on the website for you. Furthermore, in order to carefully ensure data security when transferring forms, in certain cases we use security cookies as the reCAPTCHA service from the company Google Ireland Limited, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
The legal basis for the use of functional cookies and the processing of your data by the providers of these cookies is your prior consent (Art. 6 (1) lit. a GDPR). You can revoke your consent at any time in the cookie settings, which you can access using the link at the bottom of the website.
Targeting and advertising cookies are used to tailor advertising to you and your interests in a more targeted manner. They are used to limit how often you get to see the same advert, to measure the efficacy of an advertising campaign and to understand people's behaviour after they have seen an advert. These cookies are generally placed on their pages by advertising networks with the consent of the website operator (i.e. in this case ours). They recognise that a user has visited a website and pass this information on to others, e.g. advertising companies, or adapt their advertising themselves accordingly. They are often linked to a website function provided by that company. We therefore use these cookies to create a link to social networks. These can then reuse the information about your visit to customise the advertising on other websites specifically to you and provide the information about your visit to the advertising networks we use, so that the advertising that potentially really interests you can be presented to you later precisely based on your browsing behaviour. Even in these cases, we do not combine the data collected using these cookies with other information about our visitors.
The legal basis for the use of marketing cookies and the processing of your data by the providers of these cookies is your prior consent (Art. 6 (1) lit. a GDPR). You can revoke your consent at any time in the cookie settings, which you can access using the link at the bottom of the website.
List of the analysis, functional and marketing cookies
You can access the list of cookies we use and the providers who receive personal data from you using the cookies here. There you will find further information on the individual providers and cookies.
4.3 How can I give or withdraw my consent to cookies?
If you are visiting our website for the first time, the data protection notice with the consent text in optional cookies will be displayed on the initial page. By clicking on the individual categories (analysis, security and targeting and advertising cookies) and then confirming by clicking "Accept", you agree to the setting of these cookies. You can adjust and change these settings at any time in the cookie settings, which you can access by clicking on the link at the bottom of the website.
We use links to our other Internet presences on third-party websites and services, e.g. on social media channels such as Facebook, Twitter or YouTube. These third parties are solely responsible for data processing by such other service providers on their websites; their respective privacy policies apply.
We and our service providers take technical and organisational security precautions in order to safeguard your personal data managed by us against accidental or intentional manipulation, loss and destruction, or against access by unauthorised persons. Our data processing systems and security measures are constantly being improved to meet the latest technical developments.
When your personal data is transmitted to us, encryption takes place via a Secure Socket Layer (SSL). Personal data that is exchanged between you and us or another company of the BRITA Group is transmitted via encrypted connections that conform to the current state of technology.
Of course, our employees and the service providers that we engage are committed to confidentiality.
7. Your rights to information, rectification, blockage or deletion
In principle, every natural person whose personal data we process has the following rights in relation to us (i.e. depending on the relevant conditions):
- You have a right to the rectification of incorrect data and to have incomplete data completed (Art. 16 of the GDPR).
- You have a right to the blocking / restriction of processing or to the deletion of your personal data that is no longer required or that is stored based on legal obligations (Art. 17, 18 of the GDPR).
- You have a right to the portability of your data in a structured, commonly used and machine-readable format, if you have provided the data to us based on a consent or a contract between you and us (Art. 20 GDPR).
- You have a right to object to the processing of your data for direct marketing at any time (cf. also section 1.1, Art. 21 para. 2 and 3 of the GDPR).
- You have a right to object due to processing based on a legitimate interest; in this case, we may demonstrate our compelling legitimate grounds (Art. 21, para. 1 of the GDPR).We have referred above to when this right exists (see section 0).
- If you have given your consent to data processing, then you can withdraw this at any time with future effect, i.e. the lawfulness of the data processing remains unaffected up to the time of withdrawal. Once you have withdrawn your consent, you may not be able to use our services any longer.
- Please contact the address stated under section 8 with your concerns. We reserve the right to verify your identity in order to prevent your personal data from being disclosed to unauthorised persons.
You also have the right to submit a complaint to a supervisory authority for data protection.
8. Data protection officer
You can reach our Data Protection Officer at the address below:
Dr. Karsten Kinast
KINAST Rechtsanwaltsgesellschaft mbH
Version dated May 2020